C# 16: Microsoft plans stricter rules for unsafe code
Microsoft is revising C#'s unsafe model based on Rust's example. The goal: fewer memory errors and thus fewer security vulnerabilities.
- Manuel Masiero
Microsoft wants to improve memory safety in C#. To achieve this, the .NET team is revising the existing unsafe model with the goal of making unsafe operations more visible and verifiable, which should prevent memory errors and thus security vulnerabilities. The changes are expected to go live with C# 16, which is anticipated to be released at the end of 2027.
AI coding favors memory errors
The existing unsafe model is as old as C# 1.0, released in 2002. A change is now needed, partly because AI-assisted software production scales faster than human review, which can lead to more memory errors. .NET Product Manager Richard Lander explains this in a detailed blog post.
Since many security vulnerabilities stem from memory errors, international security authorities have long recommended memory-safe programming languages for commercial software development, and Rust is explicitly mentioned among them.
No more hiding
C# already blocks unsafe code by default, but the new security model is intended to cover a significantly larger scope. To achieve this, the .NET team has taken inspiration from Rust and plans to adopt Rust's concept of visibility and propagation of unsafety, as well as its syntax, for C#.
The redefined unsafe keyword will in the future apply at the member level instead of the type level, that is, at the point where a specific unsafe memory access occurs, such as a particular method or property.
Furthermore, pointer types will no longer automatically be considered unsafe, but only when they access memory content. This is intended to prevent security rules and assumptions from being hidden or left implicit. According to Richard Lander, they should become clearer and more verifiable for developers.
For .NET 11 and C# 15, Microsoft plans an opt-in preview of the new unsafe model. The final version is expected to be released around the end of 2027 with C# 16 and .NET 12. To encourage use of the new security model, NuGet.org, the package repository for .NET, might in the future show special badges for libraries whose maintainers adopt it.
(mro)